GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,221 advisories
A path handling issue was addressed with improved validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2023-42947 was published Mar 28, 2024

sinatra does not validate expanded path matches
High | CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022

Improper processing of some parameters of installed_emanual_list.html leads to a path traversal...
High | Unreviewed | CVE-2024-33605 was published Nov 26, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS...
High | Unreviewed | CVE-2024-27869 was published Sep 17, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13...
High | Unreviewed | CVE-2024-44167 was published Sep 17, 2024

Apache Tiles: Unvalidated input may lead to path traversal and XXE
High | CVE-2023-49735 was published for org.apache.struts:struts-tiles (Maven) Dec 1, 2023

Path Traversal: 'dir/../../filename' in moment.locale
High | CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022

A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS...
High | Unreviewed | CVE-2024-44255 was published Oct 28, 2024

A path deletion vulnerability was addressed by preventing vulnerable code from running with...
High | Unreviewed | CVE-2024-44159 was published Oct 28, 2024

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1....
High | Unreviewed | CVE-2024-44195 was published Dec 20, 2024

A path handling issue was addressed with improved validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-54489 was published Dec 12, 2024

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit...
High | Unreviewed | CVE-2023-39331 was published Oct 18, 2023

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path...
High | Unreviewed | CVE-2024-47742 was published Oct 21, 2024

tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
High | CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025

aiohttp is vulnerable to directory traversal
High | CVE-2024-23334 was published for aiohttp (pip) Jan 29, 2024

Path traversal in the OWASP Enterprise Security API
High | CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to...
High | Unreviewed | CVE-2025-50735 was published Nov 3, 2025

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the...
High | Unreviewed | CVE-2025-2817 was published Apr 29, 2025

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High | CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025

A path handling issue was addressed with improved validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2025-43196 was published Jul 30, 2025

tar-fs can extract outside the specified dir with a specific tarball
High | CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules),...
High | Unreviewed | CVE-2023-35852 was published Jun 19, 2023

The Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an...
High | Unreviewed | CVE-2021-33178 was published May 24, 2022

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file...
High | Unreviewed | CVE-2025-12055 was published Oct 27, 2025